Description
Before v7.0, first the routing table was supposed to be checked first with "get router info routing-table details <destination>". The reason is that this traffic is local traffic and by default will leave the FortiGate through the same interface as per the routing table.
However, since FortiOS 7.0, new commands' execute telnet-options' and 'execute ssh-options' allow administrators to set the source interface and address for their connection.
This article explains these commands:
execute telnet-options {interface <outgoing interface> | reset | source <source interface IP> | view-settings}
execute ssh-options {interface <outgoing interface> | reset | source <source interface IP> | view-settings}
Scope
FortiGate
Solution
To edit the Telnet options:
execute telnet-options interface port1
execute telnet-options source 1.1.1.1
To confirm that the Telnet packets are using the configured port and address:
diagnose sniffer packet any "port 23" 4
4.070426 port1 out 1.1.1.1.13938 -> 15.15.15.2.23: syn 400156130
4.070706 port1 in 15.15.15.2.23 -> 1.1.1.1.13938: syn 2889776642 ack 400156131
To edit the SSH options:# execute ssh-options interface port1
execute ssh-options source 1.1.1.1
To confirm that the SSH packets are using the configured port and address:
diagnose sniffer packet any "port 22" 4
6.898985 port1 out 1.1.1.1.20625 -> 15.15.15.2.22: syn 1704095779
6.899286 port1 in 15.15.15.2.22 -> 1.1.1.1.20625: syn 753358246 ack 1704095780
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.